From: Dmitry Tejblum
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Fri, 1 Aug 2008 15:28:45 +0400 (MSD)
Message-Id: <200808011128.m71BSjAu000784@purple.yandex.net>
Subject: kern/126158: [patch] [vm] integer overflow in vm_pageout.c
Reply-To: Dmitry Tejblum

>Number: 126158
>Category: kern
>Synopsis: [patch] [vm] integer overflow in vm_pageout.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 01 11:50:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Tejblum
>Release: FreeBSD 7.0-STABLE i386
>Organization: OOO Yandex
>Environment:
System: FreeBSD purple.yandex.net 7.0-STABLE FreeBSD 7.0-STABLE #12: Fri Aug 1 15:11:21 MSD 2008 root@purple.yandex.net:/usr/src/sys/i386/compile/PURPLE i386
>Description:
The function vm_pageout_page_stats() computes (vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count at the start. The intention is to compute the (cnt.v_active_count / cnt.v_page_count) fraction of vm_pageout_stats_max. But on a machine with a relatively large amount of memory, vm_pageout_stats_max * cnt.v_active_count easily overflows 32-bit numbers. Say, on some of our machines with 16G RAM, cnt.v_active_count is about 3000000, and the default value of vm_pageout_stats_max is about 100000.
>How-To-Repeat:
>Fix: --- sys/vm/vm_pageout.c 2008-07-28 19:15:05.000000000 +0400 +++ sys/vm/vm_pageout.c 2008-08-01 15:10:40.000000000 +0400
@@ -1284,7 +1284,7 @@ pcount = cnt.v_active_count; fullintervalcount += vm_pageout_stats_interval; if (fullintervalcount < vm_pageout_full_stats_interval) { - tpcount = (vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count; + tpcount = ((int64_t)vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count; if (pcount > tpcount) pcount = tpcount; } else { >Release-Note: >Audit-Trail: >Unformatted:
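Review bot: On the changed tpcount line, the 64-bit quotient is assigned straight back to tpcount with nothing explaining why the narrowing is safe; it fits only as long as cnt.v_active_count does not exceed cnt.v_page_count, which keeps the result at or below vm_pageout_stats_max. A short comment above the assignment stating that, and that the (int64_t) cast exists because the product overflows 32 bits on large-memory machines (the report's figures, about 100000 * 3000000, come to roughly 3 * 10^11), would keep the cast from being dropped as redundant later. The line also now runs well past 80 columns and could be wrapped after the multiplication. The declaration of tpcount lies outside the hunk, so its width is assumed here to be narrower than 64 bits.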